From d7344f366a3ce4378604da6746a5519bf849b208 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 10 Sep 2025 15:55:06 +0200
Subject: [PATCH] xkb: Make the RT_XKBCLIENT resource private
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently, the resource in only available to the xkb.c source file.

In preparation for the next commit, to be able to free the resources
from XkbRemoveResourceClient(), make that variable private instead.

This is related to:

CVE-2025-62230, ZDI-CAN-27545

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2086>
---
 xkb/xkb.c         | 2 +-
 xkb/xkbsrv_priv.h | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/xkb/xkb.c b/xkb/xkb.c
index f604d3915c..1822e0eaa9 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -56,7 +56,7 @@ int XkbKeyboardErrorCode;
 CARD32 xkbDebugFlags = 0;
 static CARD32 xkbDebugCtrls = 0;
 
-static RESTYPE RT_XKBCLIENT;
+RESTYPE RT_XKBCLIENT = 0;
 
 /***====================================================================***/
 
diff --git a/xkb/xkbsrv_priv.h b/xkb/xkbsrv_priv.h
index 37dbc886be..894f27eb28 100644
--- a/xkb/xkbsrv_priv.h
+++ b/xkb/xkbsrv_priv.h
@@ -98,6 +98,8 @@
         device->public.realInputProc = oldprocs->realInputProc; \
         device->unwrapProc = oldprocs->unwrapProc;
 
+extern RESTYPE RT_XKBCLIENT;
+
 void xkbUnwrapProc(DeviceIntPtr, DeviceHandleProc, void *);
 
 void XkbForceUpdateDeviceLEDs(DeviceIntPtr keybd);